package com.example.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;

/**
 * @author LiuShanshan
 * @version V1.0
 * @Description
 */
@RestController
public class SecurityController {
    /**
     * 成功后跳转页面
     * @return
     */
//    @Secured("ROLE_abc")  // @Secured判断是否有角色(相当于给这个路径添加角色)
    @PreAuthorize("hashRole('ROLE_abcd')" + "|| hasAuthority('admin')")     // 在执行方法之前判断权限, 参数可以是任何access()表达式
    @RequestMapping("/toMain")
    public String toMain(){
        return "redirect:main.html";
    }

    @RequestMapping("/toError")
    public String toError(){
        return "redirect:error.html";
    }

    @RequestMapping("/showLogin")
    public String showLogin(){
        return "login";
    }

    @RequestMapping("/get")
    public String get(){
        return "get请求成功";
    }


}
